Your leading law firm for IT, privacy and digital transformation

AVDR: Journal IT and Data 24 April 2024

In de media verschijnen de laatste tijd doorlopend berichten dat organisaties onvoldoende voorbereid zouden zijn op NIS-2. Deze Europese richtlijn introduceert voor een veel breder spectrum aan organisaties verschillende verplichtingen met als doel de cyberweerbaarheid van deze organisaties en daarmee de Europese Unie te vergroten. In dit AvdR IT & Data Journaal gaan Tom de

DORA: ‘Technical Standards,’ new pieces of the puzzle

The Digital Operational Resilience Act (“DORA”) aims to harmonize rules related to digital resilience for the financial sector. DORA applies to 21 different types of financial entities. As of January 17, 2025, DORA is effective. Earlier we reported on DORA and the impact DORA will have on contracting with IT suppliers. The latter is part

What issues housing associations face under the GDPR

Housing corporations have a special position under the law. For example, the housing corporation’s task is to allocate rental housing appropriately and provide a certain level of living enjoyment to residents. In performing its duties, a housing corporation obtains and processes various personal data from its (potential) tenants. In many cases, there is a need

Announcement of monthly ‘chef’s table’ meetings Turing Law

Starting Feb. 27, we will organize monthly professional consultations that you can join. During the meeting, one or more lawyers will talk about a particular topic. Read more below or register immediately via our website.  The chef’s table: meetings on various legal topics The chef’s table is also described as the heart of a restaurant.

Annual Review of Privacy 2023

In the year 2023, legislators, the judiciary and regulators were frequently busy in the field of privacy and data protection. Meanwhile, the AVG celebrated its fifth anniversary which provided a moment to look back and look forward. Or as AP Chairman Aleid Wolfsen described it: reason to celebrate and reflect. Wolfsen predicted a changing role

AVDR: Journal IT and Data October 31

On October 31, Esmee Fonville and Tom de Wit presented their second IT and Data journal. This time the topic was current IT case law. Esmee and Tom elaborated on several recent rulings on agile methodology, creditor default, IT vendor’s duty of care and IT procurement. In our next journal, we will take a closer

AVDR: Journal IT and DATA, August 29

On August 29, Esmee Fonville and Tom de Wit conducted the first journal ‘IT and data law journal’. Topic of this journal was “Duty of Care of the IT Supplier. After explaining the subject and the importance of the IT supplier’s duty of care, recent case law surrounding the duty of care was discussed. Using

Dutch Supreme court on GDPR civil enforcement of data subjects’ rights, repeating requests and the six-week deadline

In a recent judgment, the Dutch Supreme Court ruled (available in Dutch only) on a number of procedural aspects for the exercise of data subjects’ rights under the General Data Protection Regulation Act (“GDPR“) and the national implementation thereof. This regards the civil enforcement of data subjects’ rights, “repeated” requests and what effect is of

IT conflict escalated? IT mediation may be the solution

IT projects can be complex and although supplier and customer like to regard each other as partners, interests diverge. This can cause IT projects to come under pressure or actually derail as a result of differences of opinion about the scope, price and/or delivery date of the project. Mediation: when is it useful? If parties

Recap Turing Summer Drinks 2023

On Wednesday 16 August 2023, the now traditional Turing Summer Drinks took place. Whereas last year we celebrated the start of our office, this time we could proudly toast on the expansion of our team and the move to new premises. As in previous years, we met again yesterday at Pavlov restaurant in The Hague,

Burden of proof in a claim of information breach

The burden of proof following the Facebook ruling On March 15, 2023, the District Court of Amsterdam issued a ruling in a class action against Facebook (ECLI:NL:RBAMS:2023:1407). This is an interesting ruling, because the court discusses in detail the application of the GDPR, such as the possible joint processing responsibility within the Facebook group and

How do judges rule on GDPR right to access requests? Copy or no copy?

The Court of Justice of the EU has clarified whether the right of access from Article 15(3) GDPR also gives a right to a copy of the documents in which the personal data are recorded. This is only the case if that copy is necessary for an understandable and verifiable right of access by the data subject.

Update on the use of cookies

The rules for being allowed to store and retrieve cookies are laid down in European and national laws and regulations. The rules specifically for cookies are based on the European ePrivacy Directive, which has been implemented in the Netherlands in the Dutch Telecommunications Act (art. 11.7a). The rules concerning the processing of personal data –

How should online search engine operators deal with requests for removal of links to (allegedly) inaccurate or fake third-party content?

Online search engine operators (‘search engines’) are often faced with individuals (applicants) requesting that an online negative publication or review about them no longer be indexed (linked) in the engine operator’s search results. In doing so, it is often argued that that negative publication or review would contain inaccurate or false information. For example, a

Annual Review of Privacy 2022

2022 was a year in which the (European) legislator, judges and regulators made plenty of noise in the field of privacy law. Numerous legislative initiatives at both the European and national levels saw the light of day, and more than once did the Dutch Data Protection Authority advise the Dutch legislator to pay more attention

Annual review of IT 2022

The year 2022 shows a multitude of legislative and policy initiatives related to IT and data at the European and national levels. The European Commission took seriously its President’s 2021 call to shape digital transformation, especially in the areas of data, artificial intelligence and cybersecurity. At the national level, we also saw a lot happening

GDPR & international transfer: deadline December 27, 2022

Last year, on June 4, 2021, the European Commission published a new model contract (in English: “Standard Contractual Clauses” or abbreviated “SCCs”) for the transfer of personal data to countries outside the European Economic Area (“EEA“). The old model contracts were no longer to be used for new transfers of personal data as of September

ARBIT 2022 – IT supplier obligations further tightened

On 10 September 2022, the new Arbit (General Government Conditions of IT Procurement) terms and conditions came into force. These Arbit 2022 replace the earlier version from 2018. These terms and conditions are used by the central government, such as ministries, independent administrative bodies and regulators as well as other public authorities for the procurement